Security Bulletin: Vulnerability in rsyslog affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634)

Summary

Vulnerability in rsyslog package affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634).

Vulnerability Details

CVEID: CVE-2014-3634**
DESCRIPTION:** RSyslog and sysklogd are vulnerable to a denial of service. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to cause the service to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/96794&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance

Remediation/Fixes

The recommended solution is download SmartCloud Provisioning 2.1 Fix Pack 5 for IBM Provided Software Virtual Appliance Interim Fix 3 (2.1.0-TIV-ISCP-FP0005-SVA_IFIX03) from Fix Central and apply it as soon as practical.

Workarounds and Mitigations

None known